CVE-2021-21604
HIGH
Jenkins < 2.263.1, < 2.274 - Deserialization of Untrusted Data via Old Data Monitor
Title source: llm
Description
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows attackers with permission to create or configure various objects to inject crafted content into Old Data Monitor that results in the instantiation of potentially unsafe objects once discarded by an administrator.
References (1)
Core References
Vendor Advisory x_refsource_confirm
https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-1923
Scores
CVSS v3
8.0
EPSS
0.0083
EPSS Percentile
74.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-502
Status
published
Products (3)
jenkins/jenkins
< 2.263.1
jenkins/jenkins
< 2.274
org.jenkins-ci.main/jenkins-core
0 - 2.263.2 (Maven)
Published
Jan 13, 2021
Tracked Since
Feb 18, 2026